Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make action compatible with custom plugin system #16

Closed
0xalpharush opened this issue Jun 21, 2022 · 10 comments
Closed

Make action compatible with custom plugin system #16

0xalpharush opened this issue Jun 21, 2022 · 10 comments

Comments

@0xalpharush
Copy link

Slither has a custom plugin system and it'd be nice to have it easily integrate into the github action by registering a file(s) and including those detectors in the run.
https://github.com/crytic/slither/tree/master/plugin_example
elopez added a commit that referenced this issue Jul 28, 2022
@elopez
Add a way to install Slither plugins
f1cc7a4 
This adds an extra option, `slither-plugins`, that lets users provide
a requirements.txt file to be installed alongside Slither. This can
be used to install Slither plugins.

Fixes: #16
@elopez elopez mentioned this issue Jul 28, 2022
Merged
@elopez
Copy link
Member

elopez commented Jul 28, 2022

I was thinking about a way to implement this. What about a way to provide a custom requirements file, to be installed after Slither? I left an untested draft in #21 if you want to see how it would look like.

name: Slither Analysis
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # let's say plugins are bundled in the repository or checked out @ 'plugins/'
      - uses: crytic/slither-action@dev-slither-plugins
        with:
          target: 'src/'
          slither-plugins: 'plugins/requirements.txt'

@0xalpharush
Copy link
Author

Would the plugin have to be available on pip? Usually, it would just be a single python file with a custom detector.

@elopez
Copy link
Member

elopez commented Jul 29, 2022
edited
Loading

Not necessarily, but it would have to be installable with pip (e.g. having the setup.py like in the linked example). Other than that, the requirements file could point to a local wheel, a folder or separate checked out repository, a (public) git or zip URL or so on.

(I assumed you meant available on PyPI, let me know if I misunderstood)

@fextr
Copy link

fextr commented Apr 18, 2024

Hey @elopez!
It will be great to see this feature in action. What blockers do you have with it?

@elopez
Copy link
Member

elopez commented Apr 18, 2024

Hey @fextr ! Feedback from interested parties would be great. Is the draft on #21 something that would be useful to you? Why or why not?

@fextr
Copy link

fextr commented Apr 18, 2024

Hey @fextr ! Feedback from interested parties would be great. Is the draft on #21 something that would be useful to you? Why or why not?

For more context: I would like to add additional detectors to the slither, e.g slitherin
If I understood correctly, the draft implementation looks suitable for my needs.

elopez added a commit that referenced this issue Apr 19, 2024
@elopez
Add a way to install Slither plugins
7842622 
This adds an extra option, `slither-plugins`, that lets users provide
a requirements.txt file to be installed alongside Slither. This can
be used to install Slither plugins.

Fixes: #16
@elopez
Copy link
Member

elopez commented Apr 19, 2024

@fextr I've merged the proposed changes with a bit more of documentation to the dev branch, you should be able to try it out if you want. Just write a pip requirements file specifying what to install (e.g. just a txt file saying slitherin if you want to install the version from pip) and then provide the path to the file on the slither-plugins option. Use crytic/slither-action@dev so that Github picks up the dev branch.

      - uses: crytic/slither-action@dev
        with:
          ...
          slither-plugins: ./requirements-plugins.txt
          ...

@fextr
Copy link

fextr commented Apr 20, 2024

@elopez It works well for me. Thank you!

@fextr
Copy link

fextr commented Apr 29, 2024

@elopez howdy! can you release this feature, please? I prefer to avoid the dev version in actions :)

@elopez elopez closed this as completed in a28260c May 1, 2024
@elopez
Copy link
Member

elopez commented May 1, 2024

@fextr released in v0.4.0 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@elopez @fextr @0xalpharush